White paper (plain English)

Notary Log — Proof-of-Existence on Hedera

Notary Log helps you create a tamper-evident receipt that a file existed at (or before) a particular time, without uploading the file. It anchors a hash (or a privacy-preserving commitment) to Hedera Consensus Service.

Contents

1. Quick start2. What this is3. What it proves / doesn’t4. Privacy modes5. How to use6. How it works (technical)7. Threat model8. How to build / run it9. FAQ10. Glossary

1) Quick start (5 minutes)

  1. Go to Notarize.
  2. Select a file (the file stays on your device).
  3. Choose Public Hash or Private Commitment.
  4. (Optional) Enable Sign with MetaMask to attach a signer identity.
  5. Click Submit to Hedera.
  6. Save the receipt link. For Private Commitment, also save the reveal bundle (it contains the salt).
  7. Later, go to Verify and verify by uploading the file (and providing the salt/bundle for commitments).

2) What this is (in plain English)

A hash is like a “fingerprint” of a file. If the file changes, the fingerprint changes.

Notary Log computes that fingerprint in your browser and anchors it to Hedera Consensus Service (HCS). HCS provides an ordered, timestamped log. Later, anyone can check the log (via a Mirror Node) to confirm the fingerprint was recorded.

Important: this is not legal notarization. It’s tamper-evident proof-of-existence / audit trail tooling.

3) What it proves / what it doesn’t

It can prove

  • A specific hash/commitment was recorded on Hedera at/around a consensus timestamp.
  • If you have the same file later, you can prove it matches the recorded hash/commitment.
  • If MetaMask signing was used, which EVM address signed the notarization payload.

It does not prove

  • Legal notarization, authorship, ownership, or intent.
  • The document contents (only hash/commitment is anchored).
  • Real-world identity (an address is not a person).

4) Privacy modes

Public Hash (default)

The SHA-256 hash of the file is stored on Hedera. Anyone who has the file can compute the same hash and verify it.

Private Commitment (recommended for sensitive docs)

Instead of storing the raw file hash on Hedera, the app stores a salted commitment. The salt never leaves your device.

  • You must save the reveal bundle (contains the salt) to verify later.
  • If you lose the salt, you may not be able to prove the match later.
  • You can optionally store reveal bundles in local history, but that is less secure than offline storage.

5) How to use (step-by-step)

Notarize

  1. Open Notarize.
  2. Select a file. The app hashes it locally.
  3. Pick mode: Public Hash or Private Commitment.
  4. (Optional) Enable MetaMask signing.
  5. Click Submit. Save the receipt link.
  6. If Private Commitment: download and store the reveal bundle.

Verify

  1. Open Verify.
  2. Choose verification mode (Public Hash or Private Commitment).
  3. Upload the file (recommended) or paste a hash/commitment.
  4. If Private Commitment: paste salt or upload the reveal bundle.
  5. Adjust “Search depth” if your entry is older or the topic is high-volume.
  6. Review matches: consensus time, sequence number, and signature validity (if present).

6) How it works (technical, short)

You do not need to understand this section to use the app, but it’s helpful for reviewers and builders.

  • Client hashing: uses Web Crypto API to compute SHA-256 in the browser.
  • Submission: Next.js API route submits JSON payloads to HCS via Hedera SDK.
  • Verification: server queries Mirror Node topic messages, decodes, parses JSON, matches hash/commitment.
  • Wallet signing: MetaMask signs EIP-712 typed data; server recovers signer address and stores signature metadata on-chain.

7) Threat model (what can go wrong)

  • File changed: even one byte changes SHA-256 → verify fails.
  • Wrong topic/network: testnet vs mainnet mismatch or wrong topicId → “not found”.
  • Commitment salt lost: without the salt (or reveal bundle), you may not be able to verify commitments later.
  • Local storage exposure: if you store reveal bundles locally, anyone with access to your browser profile may retrieve salts.
  • Search depth too low: verification scans a bounded number of pages → increase search depth for older entries.
  • Signer confusion: an address is not a person; identity requires external binding (e.g., org policy, KYC, etc.).

8) How to build / run it (for beginners)

Prerequisites

  • Node.js 18+
  • A Hedera testnet account + an HCS topic

If you’re new to Hedera testnet setup, follow HEDERA_SETUP.md.

Run locally

  1. Copy .env.example to .env.local.
  2. Fill in Hedera credentials and topicId.
  3. Run npm install then npm run dev.
  4. Open http://localhost:3000.

Deploy to Vercel

  1. Import the repo into Vercel.
  2. Add environment variables from .env.example in Vercel settings.
  3. Deploy.

9) FAQ

Does this upload my file?

No. Hashing happens in your browser. The server only receives the hash/commitment and metadata.

Why does Verify sometimes say “not found”?
  • You’re using the wrong network (testnet vs mainnet) or the wrong topicId.
  • The search depth is too low for an older entry.
  • The file has changed (even a tiny change).
  • For commitments, you used the wrong salt or lost the reveal bundle.
What does MetaMask signing add?

It allows verifiers to confirm that a specific EVM address signed the notarization payload. It does not prove real-world identity unless you map addresses to identities externally.

10) Glossary

Hash (SHA-256)
A deterministic fingerprint of data. Same file → same hash.
Commitment
A privacy-preserving value derived from the hash + a secret salt.
Salt
A random secret used to prevent others from learning the underlying hash.
HCS (Hedera Consensus Service)
An ordered, timestamped message log on Hedera.
Mirror Node
A REST API that lets you query HCS topic messages.
EIP-712
A standard for signing structured data with a wallet like MetaMask.